[Samba] to shares access from non-member clients/nodes
lejeczek
peljasz at yahoo.co.uk
Fri Aug 30 18:13:33 UTC 2019
On 30/08/2019 17:25, Rowland penny via samba wrote:
> On 30/08/2019 17:12, lejeczek via samba wrote:
>> hi guys,
>>
>> with Samba as below
>>
>> [global]
>> workgroup = NNNR
>> netbios name = PA2
>> realm = PRIVATE.REALM.MINE
>> kerberos method = dedicated keytab
>> dedicated keytab file = /etc/samba/samba.keytab
>> create krb5 conf = no
>> security = user
>> domain master = yes
>> domain logons = yes
>>
>> Should nodes/clients outside of domain (non-members) be
>> able to access
>> (with user+pass) Samba shares?
>>
>> many thanks, L.
>>
>>
> 99% of that smb.conf is for a Unix Domain member, but
> 'security = user' should be 'security = ADS' and it
> wouldn't be a PDC (domain master = yes) because it is
> using kerberos.
>
> There are also no auth lines that are required for a Unix
> domain member.
>
> To put it another way, that is a borked smb.conf.
>
> If you just want a standalone server, see here:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server
>
>
> If you want something else, please explain just what you
> are trying to achieve.
>
> Rowland
>
>
Yes, it's a unix domain for it's a "regular" FreeIPA's
Samba. Out of box this, I think, only does windows when
trusted to an AD and from there, from/via AD win clients work.
But I was hoping that outside of kerberos/domain clients(win
10), perhaps with user+pass could be mangled into such
FreeIPA's Samba.
many thanks, L.
More information about the samba
mailing list